CVE-2026-45244
🔶 mediumSummary
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.
CVSS Score
5.4
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-18
First Seen: 2026-05-19
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 22.8% of all 326,604 vulnerabilities in our database.
#252,020
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 19, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Chia Min Jun Lennon
SSVC data provided by
CISA
Last Modified
2026-05-19
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS Vector 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)